Threats More Complex: Report

Friday, February 27, 2015 @ 05:02 PM gHale

While this may not be a big surprise, the threat landscape is more complex than ever, a new report said.

“Mandiant consultants’ role as the first responders to critical security incidents gives us a unique vantage point into how attackers’ motives and tactics are changing,” said researchers at Mandiant in their annual M-Trends report.

RELATED STORIES
Users Remain Security’s Weakest Link
Patch a Mobile Flaw? Not so Fast
Finding a Balance: Managing OT Cyber Risk
Employee Training Boosts Security

Threat trends from 2014 include:
• Cyber security has become a boardroom priority, and an issue recognized by the public and mainstream media
• Compared to the results from the 2013 report, organizations are a bit quicker to detect cyber intrusions (205 days in 2014 vs. 229 days in 2013), even though most of them (69 percent) still find out about the breach from an outside entity such as law enforcement, a supplier or a customer. As a side note: the longest undetected cyber attackers’ presence in a company’s system was 2,982 days (a little over 8 years)
• Despite the recent high-profile Sony breach, media and entertainment companies end up less targeted than in 2013. These days, attackers focus on hitting business and professional services, retailers, and financial services
• When it comes to targeted phishing attacks, most (78 percent) phishing emails were IT or security related: Attackers attempt to impersonate the targeted company’s IT department or an anti-virus vendor.
• Breach attribution is becoming more complicated as different kinds of threat actors increasingly share the same tools — cyber criminals are stealing a page from the playbook of APT actors, while APT actors are using tools widely deployed by cyber criminals
• Retailers suffered hits by novice attackers and more advanced groups, but both were effective (the report includes a relatively detailed case study that involves the attack against a large U.S. retailer, and guidelines for protecting this type of organizations and environments)
• While tools and tactics evolve, most incidents follow a familiar pattern

Click here to register to download the report.



Leave a Reply

You must be logged in to post a comment.